[improve][broker] PIP-473 P5.2: scalable-topics TC timeout + GC sweeps#25884
Merged
Conversation
Adds the periodic background sweeps for the scalable-topics transaction coordinator. Both run on a dedicated single-thread scheduler started by PulsarService and gated on assign-partition-0 ownership — only the elected broker sweeps each cycle. Concurrent sweeps from a stale owner remain safe because every state transition is a header CAS; the election is purely an efficiency measure. Timeout sweep (default 60s): scans the by-deadline index up to `now` and drives each expired open txn through endTransaction(ABORT), which re-reads and CAS- guards the header — so a txn the client commits in the same window is left alone (the InvalidTxnStatus / BadVersion is treated as a benign race). GC sweep (default 300s, retention 900s): for each terminal state, scans the by-final-state index up to `now - retention`. For each candidate, if leftover /txn/op records remain — some participant hasn't applied the outcome, or never received the event (e.g. TC crashed between header CAS and fan-out) — re-drives the fan-out and leaves the header in place so the participant can re-read the true outcome. The header is deleted only once no op records remain, so a committed txn's data is never stranded as "unknown". Config: transactionCoordinatorScalableTopicsTimeoutSweepIntervalSeconds (60), transactionCoordinatorScalableTopicsGcIntervalSeconds (300), transactionCoordinatorScalableTopicsGcRetentionSeconds (900).
…ture>) Match the same pattern used by the new sweep methods (and lhotari's review feedback on this code shape). Drops the CompletableFuture<?>[] + allOf in favour of the typed list helper; no behavioural change.
lhotari
approved these changes
May 29, 2026
Member
lhotari
left a comment
lhotari
left a comment
There was a problem hiding this comment.
LGTM, just a minor comment about handling "closed" state for GC operations.
- runSweep: catch InterruptedException separately and exit quietly (executor shutdownNow() interrupts an in-flight sweep.get() — that's the expected shutdown signal, not a failure). For other Throwables, downgrade to a no-op when closed is already set; only WARN for genuine sweep errors. - ifElectedSweeper: short-circuit at entry and after the async ownership check resolves, so operations don't continue once close() has been called.
Defense-in-depth: the single-thread scheduler plus the blocking get() already serialise sweep cycles, but a per-sweep AtomicBoolean (compareAndSet on entry, reset in finally) makes overlap impossible even if the scheduling is later changed to fixed-rate or a multi-threaded executor.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the periodic background sweeps for the scalable-topics transaction coordinator landed in #25863 (P5.1). Both run on a dedicated single-thread scheduler started by
PulsarServiceand gated on assign-partition-0 ownership — only the elected broker sweeps each cycle. Concurrent sweeps from a stale owner remain safe because every state transition is a header CAS; the election is purely an efficiency measure (per-partition scoping comes with the partitioned TC in a later phase).Timeout sweep
Default cadence 60s. Scans the by-deadline index up to
nowand drives each expired open txn throughendTransaction(ABORT), which re-reads and CAS-guards the header — so a txn the client commits in the same window is left alone (the resultingInvalidTxnStatusException/BadVersionExceptionis treated as a benign race and logged at debug).GC sweep
Default cadence 300s, retention 900s. For each terminal state, scans the by-final-state index up to
now - retention. For each candidate:/txn/oprecords remain — some participant hasn't applied the outcome yet, or never received the event (e.g. the TC crashed between the header CAS and the fan-out) — re-drivefanOutEventsand leave the header in place so the participant can re-read the true outcome. It removes its op records once it applies them, and a later GC pass — seeing no op records — deletes the header.This ordering closes the fan-out-durability gap lhotari raised on #25863 without ever stranding a committed txn's data: we never delete a header while a participant might still re-read it (which would default the outcome to ABORTED).
Config
transactionCoordinatorScalableTopicsTimeoutSweepIntervalSecondstransactionCoordinatorScalableTopicsGcIntervalSecondstransactionCoordinatorScalableTopicsGcRetentionSecondsAll only meaningful when
transactionCoordinatorScalableTopicsEnabled = true(still off by default).Drive-by
Refactored
fanOutEventsto useFutureUtil.waitForAll(List<CompletableFuture<Void>>)— matches the new sweep methods and addresses the same comment lhotari left on P5.1.Test plan
pulsar-broker:test --tests TransactionCoordinatorV5Test— 5 new sweep cases plus all P5.1 cases:sweepTimeouts_abortsExpiredOpenTxnAndFansOutsweepTimeouts_leavesUnexpiredOpenTxnAlonesweepGc_deletesHeaderWhenNoOpsRemainsweepGc_repairsAndRetainsHeaderWhenOpsRemain(the fan-out-durability scenario)sweeps_skipWhenNotElectedpulsar-broker:test --tests TxnMetadataStoreTest/MetadataTransactionBufferTest/MetadataPendingAckStoreTest— green.Deferred / follow-ups